Petya Ransomware/Malware Recommended Considerations for DeltaV Users

On the 27th of June 2017, we became aware of the “Petya ransomware/malware” (also called NotPetya) cyber-attack spreading throughout the world, causing computers to be encrypted and victims to see a request for ransom on their computer screens.

This ransomware is still under investigation; however, it appears similar to the “WannaCry ransomware”. The Petya malware exploits a Microsoft Windows vulnerability in the SMB (Server Message Block) protocol, as well as other unconfirmed exploits (including credential harvesting and remote execution utilities), which allow it to spread within networks. The ransomware also appears to overwrite the Master Boot Record (MBR). Multiple global organizations have reported network outages, including government and critical infrastructure operators.

Ransomware attacks are becoming much more common, and they are now seen paired with exploits that spread as a network worm. The recent WannaCry attacks in May 2017 highlighted that many Windows operating systems were not (and maybe still are not) patched for the SMB vulnerability. Further to this, the fact that Petya ransomware seemingly spread primarily using this same vulnerability shows that many systems may still be vulnerable, despite the recent attention from the WannaCry infection.